Manalyze report for 2f652901fe5772e3e3c1d3db052b163e910d22cd2d311f482839121532bc0dd0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2039-Jul-15 21:04:31
Detected languages	English - United States
Debug artifacts	notepad.pdb
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion	`10.0.26100.8328 (WinBuild.160101.0800)`
InternalName	Notepad
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	`10.0.26100.8328`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://go.microsoft.com https://go.microsoft.com/fwlink/?LinkId https://go.microsoft.com/fwlink/p/?linkid microsoft.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: fothk`
Malicious	The PE contains functions mostly used by malware.	`Can access the registry: RegSetKeyValueW RegQueryValueExW RegGetValueW RegSetValueExW RegEnumValueW RegQueryInfoKeyW RegCreateKeyExW RegCloseKey RegOpenKeyExW RegDeleteKeyExW RegCreateKeyW` `Possibly launches other programs: CreateProcessW` `Functions related to the privilege level: OpenProcessToken` `Can take screenshots: CreateCompatibleDC GetDC`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-20 15:16:44)	`All the AVs think this file is safe.`

Hashes

MD5	`017b54a1f42119891b0a8439989cebc2`
SHA1	`7fca9e4ccc6271af6856fab46d8cc40311af11a7`
SHA256	`2f652901fe5772e3e3c1d3db052b163e910d22cd2d311f482839121532bc0dd0`
SHA3	`420f5c0bc86f20ab48e62d13382539cfb79a748623def575cfc0607c39a23988`
SSDeep	`6144:w4XlL5V24T7G/baHXOgAcIXl/FQu0CH+hhFuiqCwiQ5gfzDVlVXgJ:ZXlLX2IG/GHAR/FQuy1Q5GpX`
Imports Hash	`8b6365c119894a95a23d0b7d0f64d38c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2039-Jul-15 21:04:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x28000`
SizeOfInitializedData	`0x31000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000019C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x5a000`
SizeOfHeaders	`0x1000`
Checksum	`0x5e060`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x11000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`243b377cce496670667184041c5cee5f`
SHA1	`ad80b94a1f5d2b607294090ddc3ea2f25ed00831`
SHA256	`72494518f2bfd075bfddec68aecaf811e8ab7cabb867f6dcc0041ebd38f35043`
SHA3	`6af1e4cfd42b5f114d746a34e026e9c2dac7a2a562c646e176ba2394aae9eb7d`
VirtualSize	`0x267e2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x27000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23809`

fothk

MD5	`58007d0f0709fd16f7f4e03fd621dabb`
SHA1	`1f9262357621c67e1889d96a703eca956ed9e3d7`
SHA256	`7bed6d8c228319384b9f45a13f555da9204d549b0631f4cd7ec30044b0328b98`
SHA3	`b84e84f662e70fdb19976123ea515e25ed440b726e4334d4e0b968b669dba420`
VirtualSize	`0x1000`
VirtualAddress	`0x28000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x28000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0159202`

.rdata

MD5	`b9ecf65e6cecf53cac07d469688b7aeb`
SHA1	`b246ddb76097fe30013be90f1626b42b6b6b68cf`
SHA256	`be12669a8bdaf0e422289107a8982caa8fbc8089637e2eb7c2826e5104d9b1d3`
SHA3	`6b34a83656e0f71ae7c8f8166b7c805ffedbe8d05a30f2337740e0b72171efd7`
VirtualSize	`0xa6b0`
VirtualAddress	`0x29000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x29000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.58035`

.data

MD5	`acfa9b368b5dcc57b436b353b278c96e`
SHA1	`f797e1601a5982acbc63e8d91b8e1ba1bd5c1a74`
SHA256	`1cc9514f72f6a1a2715c656cd1d4d4af4925045d4aac8ccfe530835710970a6b`
SHA3	`16917b9fbe4fba8b71788a0fd12bb1b9af0b469a05e5388f4febd57968f270c3`
VirtualSize	`0x2740`
VirtualAddress	`0x34000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x34000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.62428`

.pdata

MD5	`acd933acae6c26af6e1029f5e4238cbd`
SHA1	`571a1f52c3cbd037604d2011aa50063d99bbd97e`
SHA256	`7af49241226fdef1a3746060dfa4c9c5b05dce1415fa05354a4a9178a20b9df8`
SHA3	`6939212316ce4f536327a3e9061da3aac2ebfa78ae5e4e6dba676af16f729572`
VirtualSize	`0x1218`
VirtualAddress	`0x37000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x35000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.31987`

.didat

MD5	`79d5a44f19c4147d71c9ad0dee02a0d9`
SHA1	`27952428836d78353502326842a91afca17be018`
SHA256	`29e64e4b98745cc7b25d5ad34a6b260453de66d73c7bcd755a7b1684f5d78b2f`
SHA3	`6b1983acf5cd2d5034c1039d95d869e23343c3f7b583f4d3119c10b7882cc072`
VirtualSize	`0xf8`
VirtualAddress	`0x39000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x37000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.252013`

.rsrc

MD5	`3213080d5a1e1b71001271d1147f0948`
SHA1	`06176826dc520170c454f2bad7ac50bf74e845c0`
SHA256	`983f2d19685e3009a576343d0875d7956ef00f368c89f5c014914728f4dfd170`
SHA3	`5bd1561a72463f30b68dba58e9dbdb42c4c2a7805b4d1dec6c4188ffecce40e1`
VirtualSize	`0x1e1d0`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x1f000`
PointerToRawData	`0x38000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.96797`

.reloc

MD5	`075cbda2299ffeaed4bca024433ee691`
SHA1	`676335a9b66fcdba4beca77adb39e2579416d34d`
SHA256	`e5fa359f19a07dd69d29be9f65c0426f958554ce8a1ca5ec87773d788ebc895f`
SHA3	`0203b7f247e484be548d976aa307efcb32f9d1ec7b8e080947c3b3f7b59963a6`
VirtualSize	`0x35c`
VirtualAddress	`0x59000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x57000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.61548`

Imports

GDI32.dll	`SetMapMode` `SetViewportExtEx` `SetWindowExtEx` `LPtoDP` `SetBkMode` `GetTextMetricsW` `TextOutW` `AbortDoc` `EndDoc` `SetAbortProc` `StartDocW` `StartPage` `CreateDCW` `EnumFontsW` `GetTextFaceW` `GetDeviceCaps` `DeleteDC` `DeleteObject` `SetBkColor` `CreateSolidBrush` `GetTextExtentPoint32W` `SelectObject` `CreateCompatibleDC` `EndPage` `CreateFontIndirectW`
USER32.dll	`PostQuitMessage` `BeginPaint` `EndPaint` `FillRect` `DrawTextW` `DrawFocusRect` `DefWindowProcW` `TrackMouseEvent` `InvalidateRect` `DestroyIcon` `SetThreadDpiAwarenessContext` `DialogBoxParamW` `LoadIconW` `GetFocus` `MessageBoxW` `ShowWindow` `SetCursor` `SetActiveWindow` `EnableMenuItem` `IsIconic` `SetFocus` `MessageBeep` `GetForegroundWindow` `GetDlgCtrlID` `SetWindowPos` `RedrawWindow` `GetKeyboardLayout` `CharNextW` `SetWinEventHook` `GetMessageW` `TranslateAcceleratorW` `IsDialogMessageW` `TranslateMessage` `DispatchMessageW` `UnhookWinEvent` `SetWindowTextW` `GetMenu` `GetSubMenu` `OpenClipboard` `IsClipboardFormatAvailable` `CloseClipboard` `CheckMenuItem` `SetDlgItemTextW` `GetDlgItemTextW` `EndDialog` `SendDlgItemMessageW` `SetScrollPos` `UpdateWindow` `GetWindowPlacement` `SetWindowPlacement` `CharUpperW` `GetSystemMenu` `LoadAcceleratorsW` `SetWindowLongW` `MonitorFromWindow` `RegisterWindowMessageW` `LoadCursorW` `LoadImageW` `RegisterClassExW` `GetWindowLongW` `PeekMessageW` `GetWindowTextW` `EnableWindow` `CreateDialogParamW` `DrawTextExW` `IsWindow` `CreateDialogIndirectParamW` `GetPropW` `SetPropW` `GetDlgItem` `RemovePropW` `CheckDlgButton` `CheckRadioButton` `IsDlgButtonChecked` `NotifyWinEvent` `CreateWindowExW` `GetWindowTextLengthW` `GetClientRect` `DestroyWindow` `GetDpiForWindow` `SystemParametersInfoForDpi` `SendMessageW` `MoveWindow` `GetDC` `LoadStringW` `PostMessageW` `ReleaseDC`
api-ms-win-crt-string-l1-1-0.dll	`wcscmp` `wcsnlen` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_initterm_e` `_initterm` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-private-l1-1-0.dll	`_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `_o__wcsicmp` `_o__wtol` `_o_exit` `_o_free` `_o_iswdigit` `_o_malloc` `_o_terminate` `__CxxFrameHandler3` `__current_exception` `__current_exception_context` `_CxxThrowException` `_o__crt_atexit` `_o___stdio_common_vswprintf` `_o__configure_wide_argv` `_o___std_exception_destroy` `_o___std_exception_copy` `_o__configthreadlocale` `_o___p__commode` `_o__exit` `_o__cexit` `_o__callnewh` `_o__beginthreadex` `_o__errno` `wcsrchr` `wcschr` `__C_specific_handler` `memcmp` `memcpy` `memmove`
api-ms-win-core-libraryloader-l1-2-0.dll	`LockResource` `GetModuleHandleExW` `FindResourceExW` `LoadResource` `GetModuleHandleA` `GetModuleFileNameA` `FreeLibrary` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW`
api-ms-win-core-synch-l1-1-0.dll	`LeaveCriticalSection` `InitializeCriticalSectionEx` `WaitForSingleObject` `ReleaseSemaphore` `ReleaseSRWLockExclusive` `EnterCriticalSection` `SetEvent` `CreateEventExW` `AcquireSRWLockExclusive` `ReleaseMutex` `WaitForSingleObjectEx` `DeleteCriticalSection` `AcquireSRWLockShared` `CreateMutexExW` `OpenSemaphoreW` `ReleaseSRWLockShared` `CreateSemaphoreExW`
api-ms-win-core-heap-l1-1-0.dll	`GetProcessHeap` `HeapAlloc` `HeapSetInformation` `HeapFree`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `RaiseException` `GetLastError` `SetLastError`
api-ms-win-core-threadpool-l1-2-0.dll	`CloseThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CreateThreadpoolTimer` `SetThreadpoolTimer`
api-ms-win-core-processthreads-l1-1-0.dll	`GetCurrentProcess` `OpenProcessToken` `CreateProcessW` `TerminateProcess` `GetCurrentThreadId` `GetStartupInfoW` `GetCurrentProcessId`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW` `FindNLSString` `GetLocaleInfoW` `GetACP`
api-ms-win-core-debug-l1-1-0.dll	`IsDebuggerPresent` `OutputDebugStringW` `DebugBreak`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-com-l1-1-0.dll	`CoTaskMemFree` `CoCreateInstance` `CoInitializeEx` `PropVariantClear` `CoUninitialize` `CoWaitForMultipleHandles` `CoCreateGuid` `CoTaskMemAlloc` `CoCreateFreeThreadedMarshaler`
api-ms-win-core-registry-l1-1-1.dll	`RegSetKeyValueW`
api-ms-win-core-largeinteger-l1-1-0.dll	`MulDiv`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathFindExtensionW` `PathIsFileSpecW` `PathFileExistsW`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsDeleteString` `WindowsCreateString` `WindowsCreateStringReference` `WindowsGetStringRawBuffer`
api-ms-win-core-registry-l1-1-0.dll	`RegQueryValueExW` `RegGetValueW` `RegSetValueExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegCreateKeyExW` `RegCloseKey` `RegOpenKeyExW` `RegDeleteKeyExW`
api-ms-win-core-winrt-l1-1-0.dll	`RoGetActivationFactory`
api-ms-win-core-heap-l2-1-0.dll	`LocalUnlock` `LocalFree` `LocalLock` `GlobalAlloc` `GlobalFree` `LocalAlloc` `LocalReAlloc`
api-ms-win-core-file-l1-1-0.dll	`DeleteFileW` `GetFileAttributesW` `SetEndOfFile` `GetFileAttributesExW` `GetFileInformationByHandle` `FindClose` `FindFirstFileW` `CreateFileW` `ReadFile` `GetDiskFreeSpaceExW` `GetFullPathNameW` `CreateDirectoryW` `WriteFile`
api-ms-win-shcore-obsolete-l1-1-0.dll	`SHStrDupW`
api-ms-win-security-base-l1-1-0.dll	`GetTokenInformation`
api-ms-win-core-processenvironment-l1-1-0.dll	`GetCurrentDirectoryW` `GetCommandLineW` `SetCurrentDirectoryW`
api-ms-win-core-string-l1-1-0.dll	`FoldStringW` `WideCharToMultiByte` `CompareStringOrdinal` `MultiByteToWideChar`
api-ms-win-core-psapi-l1-1-0.dll	`K32GetModuleFileNameExW`
api-ms-win-core-localization-obsolete-l1-2-0.dll	`GetUserDefaultUILanguage`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetLocalTime` `GetSystemTimeAsFileTime`
api-ms-win-core-datetime-l1-1-0.dll	`GetDateFormatW` `GetTimeFormatW`
api-ms-win-shcore-path-l1-1-0.dll	`#170`
api-ms-win-core-memory-l1-1-0.dll	`MapViewOfFile` `CreateFileMappingW` `UnmapViewOfFile`
api-ms-win-core-registry-l2-1-0.dll	`RegCreateKeyW`
api-ms-win-core-heap-obsolete-l1-1-0.dll	`LocalSize` `GlobalLock` `GlobalUnlock`
api-ms-win-shcore-scaling-l1-1-1.dll	`GetDpiForMonitor`
api-ms-win-core-string-obsolete-l1-1-0.dll	`lstrcmpiW`
api-ms-win-core-windowserrorreporting-l1-1-3.dll	`RegisterApplicationRestart`
api-ms-win-eventing-provider-l1-1-0.dll	`EventRegister` `EventUnregister` `EventWriteTransfer` `EventSetInformation`
api-ms-win-base-util-l1-1-0.dll	`IsTextUnicode`
api-ms-win-core-libraryloader-l1-2-1.dll	`FindResourceW`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent` `GetProcessMitigationPolicy`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-winrt-error-l1-1-0.dll	`SetRestrictedErrorInfo`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoGetMatchingRestrictedErrorInfo`
COMCTL32.dll	`ImageList_Create` `ImageList_SetBkColor` `#381` `ImageList_ReplaceIcon` `#410` `ImageList_Draw` `ImageList_GetIconSize` `#413` `ImageList_Destroy` `#345` `CreateStatusWindowW`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
ADVAPI32.dll (delay-loaded)	`DecryptFileW` `DuplicateEncryptionInfoFile`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.dll`
ModuleHandle	`0x352a8`
DelayImportAddressTable	`0x39000`
DelayImportNameTable	`0x304a8`
BoundDelayImportTable	`0x30798`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

MICROSOFTEDPENLIGHTENEDAPPINFO

Type	`EDPENLIGHTENEDAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

MICROSOFTEDPPERMISSIVEAPPINFO

Type	`EDPPERMISSIVEAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07603`
MD5	`ec6775cf218d37a3db7e2975b7485597`
SHA1	`9b7a4a089c465d2c21a888ca6de5f1e953fde884`
SHA256	`806551ebd88d958d1c7ba81cc7c2d263e88216e8492cba32dd189d284780a21f`
SHA3	`480d4ea347d325bbae6510a734e3b3c2dd322e82298e63c90195f31eeafdf5e6`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14638`
MD5	`5e0424a037ed1cf4b86d9caed970dff9`
SHA1	`ba25c046ab514ed9c0fe80d94b538cc14eb9873e`
SHA256	`9cfb3aa9a4d088001f7f04eca941768005a833b82c7a468758758db4851aaf7d`
SHA3	`52bb085f2b6bc4139fdd5dddf1270ac5ab0d718640a03a4553d58f9141ba1a18`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46342`
MD5	`e90a939e1107e27e1d95c25e2eb0f65a`
SHA1	`0803a228263f67063a0d9ceb8b83638096c61b2a`
SHA256	`b096e4dddb79ce105a0c4ed8e8e0a42012910af392b49a27223fe4a3853291a2`
SHA3	`a547598048e9e5a2f151cab7647e631768c5d1bc83ed2d1c8b337dfd4dd5e372`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41509`
MD5	`44b38e737f03387a86db70708b9c5c4a`
SHA1	`44e99cdff9be3d4bea4ded3ebcde372ba56baacb`
SHA256	`e6fd723d8995f3c9a271bcf3cd168d772edbae433ec92138138bd73509b70394`
SHA3	`6d6c519d41df66f6de815b571062fa1ff3ec142c4b040374c4a2e4237829acf4`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19139`
MD5	`4c7576e8f541bb3e4915569e56509ae1`
SHA1	`0dc868575ce6ed6b549f802c5f76b3595e754147`
SHA256	`26221463542ad738ffb44cea755f5fa9de96f60ecd60e77e916f119772b76721`
SHA3	`5031fd914a31642187c6ee518342092b19bc479212e0a1f67a7827a300b11d5f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33873`
MD5	`7684234aae030b0e361b77c545f619ad`
SHA1	`34f7b236d427701a82527e0c3f3b5cfad2b37373`
SHA256	`8369d3da7b57396a5ee78180ae5cc14f6b221d24f0dd7bcdea08e8fd72fe1629`
SHA3	`c06855cd1cb761ba46cfd6703ed55889c5e22e421d48fdf1396448fb0cee8f85`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88711`
MD5	`30678f5b06bc441a5bd8ed2848236144`
SHA1	`1adf74277fe7a55c071771793d7e7a7077583f9a`
SHA256	`a2168a636b61b10eb79fc206ff59759a540b0bc50d647b12b0d9307f05a67a6d`
SHA3	`06f683a14c16a932ff56038bee77a48768f76b6b522abd76b72005977e2a7104`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77815`
MD5	`c50e91e6d59210580879f7bc5bd36d62`
SHA1	`7c87c25593e11a38033eaae1f613feecb190cd82`
SHA256	`8b42d06bec9c3d35da35f76e0cca9f3a54a8cf20f16964b9e96723f4c8dc4561`
SHA3	`578047f04726ad769f9af3d11704858d6320710f23cb9db168ea3b1d7a0c45e6`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50319`
MD5	`011bde7b9c82d9453b7222950f92b18b`
SHA1	`2293e504ce311c482fee674198ec1ac2ffbd82f6`
SHA256	`dff0eed97555ee8f8a77fcac31e6d72bb11881e26eee69d5d5b731219de3c788`
SHA3	`45b672e12f38af60a224782a1eaa6fabe4b286473b24bbbdee70a82280ecc44d`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11958`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92667`
Detected Filetype	PNG graphic file
MD5	`489350e7dbc2bd241eeeaf928c84198b`
SHA1	`bc50c87a93df8fa475994e5bec8c18f826d2790e`
SHA256	`dc43f5a4d409399ac9d014a3200eb8467a1256091132d27c096116da451d0aee`
SHA3	`2ce1ce5c3caabb4d40b8659cd1927cc34d3fe078e81feee7eb029740e123e332`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91734`
MD5	`a0873adc85c929c39f54b1e889c20411`
SHA1	`a6778fc4cd3630e32ffd09491b9817eb549df98c`
SHA256	`054ae41265916de67a1444323c375e9bc8a77d374725aa0097fcc7abc882cf84`
SHA3	`845ecb1f9b158c9be9356b7ac225906a52ebb30ee74a35c6831c1ed0508b0b6b`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5052`
MD5	`02f5aa301d295fa4ee30646e84ccdc84`
SHA1	`0973663fb700560f73b3fa839af2cdb5cdd35a91`
SHA256	`d3f2dc2ab4931a5892c2f8fb3fed87f84145bc8457b01f73651532e187eff417`
SHA3	`373758198c6ebba8b2dc5b5919e8926470af328251eb707070d3a1b02d0fc39e`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68535`
MD5	`619569ee7f33365f88c67e5792ed5545`
SHA1	`146f599e47c7440cabb569e219042feb53f72bad`
SHA256	`7a1ede8d87b5e96a18742ea533e91325ff4fecb917a36bab3ddf2e2003053989`
SHA3	`be4bf9fbf543b75ab22d303c83563805afab0346a0a80e384913d2ec9f6ee766`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.42791`
MD5	`4aac2b52c5ac1670ebde434fd25a57e3`
SHA1	`05297673819212e45963685777defc78bf195ae9`
SHA256	`6e9662f0050a45633759bb21e7a6a395479673a5d6b9fcb80c34637c8d1fb45a`
SHA3	`0904557d3576c69d341c3826c0fd69e1c7f24d374fa9f56cf3ee73ff2d05458d`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.908451`
MD5	`d8aba824f350e86425e4e4c2d3b0fd61`
SHA1	`e1d33d85fc80030d0f89bd408d17d2c1a5306fe1`
SHA256	`c236623349d81c7710fdb2d067bdc2f2cf9578eacf0c2226f18888d32770b321`
SHA3	`ee108a8a284135288c6e515ddce7c92f1f8fe86ab5ecb8fb24105e8f60bb7cea`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x708`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.976563`
MD5	`a90c36993edeea581245649f7ef1b170`
SHA1	`a50e8b5d7df21a5196497383a284d4c5e4931b22`
SHA256	`28735e9850e69ad9ad9bdc7a94d94055d475687a756114141199cbbebd51da62`
SHA3	`81682b31a54696df57d79441ebca97cd59421c925c3158e943b62cd4e1bf9677`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.04939`
MD5	`e501b713a647e58ba9d2751ec5878c7b`
SHA1	`2c00520faf2984a469fa47e09e5ff6bd3b684d85`
SHA256	`e9ff7fdff543ff80ae38157a85dabf1c3af7dc651f892cb89cda9cb5bb95a4fb`
SHA3	`8e0190db71b94f4ef0972eb4bbcc29974f63171430b55109190cfe23e22ec93a`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09605`
MD5	`5ef01567035d390cec46ee92d483b508`
SHA1	`54d59c86fba4cc0747c89aad33a987c8911d5820`
SHA256	`3bd45f78a8f971d77f6b0ebb0b2642a8f74e1b0fe097a1659dea9e1e71183edc`
SHA3	`9008ce1d4a4b86a7b33dd0b5d679b4f2e1461e654249e0e81643f139df04bd55`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x708`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.87525`
MD5	`0d25df92834016f8b162cbbde8cdad46`
SHA1	`0fe7ff00682aed8ff84aa45e77e20d64b2284007`
SHA256	`915acc49d557a0512a70399be2c409a201b195ccc42124b4385845f79ff9ba31`
SHA3	`e0604c684a931adc044d64efeee2f6371a3485a25f5e2402f7c87417eab198a6`

19

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19981`
MD5	`06bbe1b72811bf1350ea28436478d5d3`
SHA1	`3e2e34e7e9c340908e185663e8c70d49af36556e`
SHA256	`5c9fedbc9daa435f54734da82dcb40fdf88a26277b1bd4283700b38257d58b0e`
SHA3	`0c67aa16cf45334e0fa8e1622aaf5c5b49aa5d411d1cc4269c1c55e731f21a30`

20

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18911`
MD5	`431dba7a84528a0b12a375b438c82f96`
SHA1	`e73a2f21d118c57c582f75fbbc50f071318347ae`
SHA256	`32eae13f4f44c7a7c3a6538d3e9b6fd17a250c63c4652b70624e5982858a713d`
SHA3	`fe28deb9df1380ba4ce5909818500c05352e4b97cc297f23f2cd5a76915e8a77`

21

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x708`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22356`
MD5	`3108351ba17358519d244d3c006d864c`
SHA1	`c71fd5c57893db489ec1e9b4f6db997131089016`
SHA256	`35d13fa732c1a23683e481ba05cc7c84e069b58e6bccf6fc8cb2d240444d59af`
SHA3	`b579a58901a78fffe847ca44bc02f5c3ed3c15cff53790e6e0a5de0bd1155473`

22

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40258`
MD5	`8bf24ea7235975f96c6aaf6a20942e5c`
SHA1	`a3fc23e088cfddd8cad02ee5ee5bb3c4b5bea39e`
SHA256	`9af88274277109f3841769958ca5e20055fe2c20d730e497df18fe2e6efc482a`
SHA3	`9916f84eacdc9770d9883b7247d1189440dadb63a65de3a514593b2df81b3232`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08181`
Detected Filetype	Icon file
MD5	`7c02d334d2fd7620f9597a31f3fc404b`
SHA1	`4ecbb36af4cd46a792d513076f4e3a287935df07`
SHA256	`ac169d9ac176c5b6a2c3e06942b958ea9c789bd82f79b2f1ac0197e37a3149d4`
SHA3	`2c2ad36d5c878c1a1648e4a115ab6c443ae3aa28802570ce06aa90a658dacf48`

300

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85889`
Detected Filetype	Icon file
MD5	`17b935f2e5c25c6bee6f973914273b24`
SHA1	`31760c4505d2e641b9cd9f00870a35d3d965af5a`
SHA256	`b63d058ab1de99cc916e985c4595005efbb2783a1a8d9c4d4127ae0915fb0b48`
SHA3	`95812b77934f8dc402cb5473ec92c1608d48911e7d567d9e83ef51e657b9df5e`

301

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85889`
Detected Filetype	Icon file
MD5	`e25bb5e4a6e27d87b43967521865c880`
SHA1	`adf26aefdeb4c5f19daf14e17ae7c0787c65d5a9`
SHA256	`42f35cad1cdbd7118dadc35bb7d4b6d84098025b62060882e8777fe474d4214c`
SHA3	`bcfeedf98dbee4e08c48cdbf24b0f7eb191683e5ea445d7e1168f1fd6bf2517a`

302

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81723`
Detected Filetype	Icon file
MD5	`5e58f4ccb0c29ba6917b8a995d8758b6`
SHA1	`cf05e0706d839549921f1aadc80099af566a60be`
SHA256	`068bd85eb510fb914e61c3e08b79ce830f26ba9867f03f4fb4a2387fb6dde1ff`
SHA3	`839eb70c2fb0119c5ed5b81c9eeeae1b162db4c7ec731803a224423e88e5f207`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51383`
MD5	`19aac59f71848d0f6b3ee7479776adea`
SHA1	`3eac383e4b86107c1aca14ffa2e4eb667c919f78`
SHA256	`08ef32096897b2ddeaa4490806e6b5f26eeea398d6c48953a9dfaf5730408630`
SHA3	`65d9fdd368f95a3e706ed378e1e8474e858f19e8b7526f567de9a5c1acc7435f`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99674`
MD5	`4b3f044e76911b5519c4870b17a47603`
SHA1	`6b470694d1b44f829b39f61bb77d131b066a3cca`
SHA256	`a5851fe2861d8cb18af6152194e59cc1bcb8731dd0ff1cf48a455269d11f7439`
SHA3	`2e6986914cee62aa03c1c9daaa966400c9a942fdc5b7bc768675331086e0f477`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.26100.8328
ProductVersion	10.0.26100.8328
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion (#2)	10.0.26100.8328 (WinBuild.160101.0800)
InternalName	Notepad
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion (#2)	10.0.26100.8328

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2039-Jul-15 21:04:31
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x2ed80`
PointerToRawData	`0x2ed80`
Referenced File	notepad.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2039-Jul-15 21:04:31
Version	`0.0`
SizeofData	`1256`
AddressOfRawData	`0x2eda4`
PointerToRawData	`0x2eda4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2039-Jul-15 21:04:31
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x2f2b4`
PointerToRawData	`0x2f2b4`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2039-Jul-15 21:04:31
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x2f2d8`
PointerToRawData	`0x2f2d8`

TLS Callbacks

Load Configuration

Size	`0x148`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140034400`
GuardCFCheckFunctionPointer	`5368882240`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xa4531774`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`94`
Unmarked objects (#2)	`1`
C objects (33145)	`11`
ASM objects (33145)	`5`
C++ objects (33145)	`31`
Imports (33145)	`7`
Total imports	`1380`
C objects (LTCG) (33145)	`28`
253 (33145)	`1`
Resource objects (33145)	`1`
Linker (33145)	`1`

Errors

Leave a comment

No comments yet.